公开(公告)号：US10797941B2

公开(公告)日：2020-10-06

申请号：US15647459

申请日：2017-07-12

Applicant: Cisco Technology, Inc.

Inventor： Samar Sharma ,  Rakesh B. Goudar ,  Chandrashekarappa Surekha Puttasubbappa ,  John Andrew Fingerhut

IPC: G06F15/16 ,  H04L12/24 ,  H04L12/26 ,  H04L12/851

Abstract: A network element includes one or more hardware memory resources of fixed storage capacity for storing data used to configure a plurality of networking features of the network element. A utilization management process runs on the network element to perform operations including obtaining utilization data representing utilization of the one or more hardware memory resources, and analyzing the utilization data of the one or more hardware memory resources to produce summarized utilization data.

公开(公告)号：US20180019913A1

公开(公告)日：2018-01-18

申请号：US15647459

申请日：2017-07-12

Applicant: Cisco Technology, Inc.

Inventor： Samar Sharma ,  Rakesh B. Goudar ,  Chandrashekarappa Surekha Puttasubbappa ,  John Andrew Fingerhut

IPC: H04L12/24 ,  H04L12/26 ,  H04L12/851

CPC classification number: H04L41/08 ,  H04L41/0803 ,  H04L41/0823 ,  H04L41/0883 ,  H04L41/0896 ,  H04L41/142 ,  H04L41/50 ,  H04L43/022 ,  H04L43/0817 ,  H04L43/0876 ,  H04L47/24

Abstract: A network element includes one or more hardware memory resources of fixed storage capacity for storing data used to configure a plurality of networking features of the network element. A utilization management process runs on the network element to perform operations including obtaining utilization data representing utilization of the one or more hardware memory resources, and analyzing the utilization data of the one or more hardware memory resources to produce summarized utilization data.

公开(公告)号：US09245626B2

公开(公告)日：2016-01-26

申请号：US13661356

申请日：2012-10-26

Applicant: CISCO TECHNOLOGY, INC.

Inventor： John Andrew Fingerhut ,  Balamurugan Ramaraj

IPC: G06F13/00 ,  G06F13/28 ,  G11C15/00 ,  H04L12/701 ,  H04L12/931

CPC classification number: G11C15/00 ,  H04L45/00 ,  H04L45/64 ,  H04L45/7453 ,  H04L45/7457 ,  H04L49/00

Abstract: An example method includes partitioning a memory element of a router into a plurality of segments having one or more rows, where at least a portion of the one or more rows is encoded with a value mask (VM) list having a plurality of values and masks. The VM list is identified by a label, and the label is mapped to a base row number and a specific number of bits corresponding to the portion encoding the VM list. Another example method includes partitioning a prefix into a plurality of blocks, indexing to a hash table using a value of a specific block, where a bucket of the hash table corresponds to a segment of a ternary content addressable memory of a router, and storing the prefix in a row of the segment.

Abstract translation: 示例性方法包括将路由器的存储元件划分成具有一行或多行的多个段，其中一行或多行的至少一部分用具有多个值和掩码的值掩码（VM）列表编码 。 VM列表由标签标识，并且标签被映射到与编辑VM列表的部分相对应的基本行号和特定数量的位。 另一示例性方法包括将前缀划分为多个块，使用特定块的值将哈希表索引到哈希表，其中哈希表的桶对应于路由器的三元内容可寻址存储器的段，并且存储 片段的一行中的前缀。

公开(公告)号：US20140201837A1

公开(公告)日：2014-07-17

申请号：US14107768

申请日：2013-12-16

Applicant: Cisco Technology, Inc.

Inventor： George Varghese ,  Flavio Giovanni Bonomi ,  John Andrew Fingerhut

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  H04L63/145

Abstract: A method and system to detect an evasion attack are provided. The system may include a repository to store signature fragments that together constitute an attack signature, an interceptor to intercept a data packet associated with a network connection, a string-matching module to determine whether the payload of the data packet includes any of the stored signature fragments thereby identifying a match, a responder to perform a prevention action in response to the match, and a detector to detect that a size of the data packet is less than a size threshold. The system may further include a state machine to commence maintaining a state for the network connection in response to the detector determining that the size of the data packet is less than the size threshold.

Abstract translation: 提供了一种检测逃避攻击的方法和系统。 系统可以包括存储器，用于存储一起构成攻击签名的签名片段，拦截与网络连接相关联的数据分组的拦截器，字符串匹配模块，用于确定数据分组的有效载荷是否包括任何存储的签名 片段，从而识别匹配，响应者执行响应于匹配的预防动作;以及检测器，用于检测数据包的大小小于尺寸阈值。 该系统还可以包括状态机，以响应于检测器确定数据分组的大小小于该大小阈值开始维持网络连接的状态。

公开(公告)号：US20140122791A1

公开(公告)日：2014-05-01

申请号：US13661356

申请日：2012-10-26

Applicant: CISCO TECHNOLOGY, INC.

Inventor： John Andrew Fingerhut ,  Balamurugan Ramaraj

IPC: G06F12/02

CPC classification number: G11C15/00 ,  H04L45/00 ,  H04L45/64 ,  H04L45/7453 ,  H04L45/7457 ,  H04L49/00

Abstract: An example method includes partitioning a memory element of a router into a plurality of segments having one or more rows, where at least a portion of the one or more rows is encoded with a value mask (VM) list having a plurality of values and masks. The VM list is identified by a label, and the label is mapped to a base row number and a specific number of bits corresponding to the portion encoding the VM list. Another example method includes partitioning a prefix into a plurality of blocks, indexing to a hash table using a value of a specific block, where a bucket of the hash table corresponds to a segment of a ternary content addressable memory of a router, and storing the prefix in a row of the segment.

Abstract translation: 示例性方法包括将路由器的存储元件划分成具有一行或多行的多个段，其中一行或多行的至少一部分用具有多个值和掩码的值掩码（VM）列表编码 。 VM列表由标签标识，并且标签被映射到与编辑VM列表的部分相对应的基本行号和特定数量的位。 另一示例性方法包括将前缀划分为多个块，使用特定块的值将哈希表索引到哈希表，其中哈希表的桶对应于路由器的三元内容可寻址存储器的段，并且存储 片段的一行中的前缀。